You can create API keys for legacy accounts. If you are using a new Trend Cloud One account, see Manage API keys instead.
Workload Security API keys enable you to authenticate your API calls with Workload
Security. API keys provide a secret key that you include in your HTTP request headers
that the manger authenticates. Each API key is also associated with a user role that
determines the actions that you can perform. An expiry date determines when key access
terminates.
You can create API keys using the Workload Security console or the API:
- Create an API key using code
- Create an API key using Workload Security
- Manage API keys after their creation
The Creating a Workload Security API Key video steps you through the process of creating an API key.
Secure your secret keys
Implement API key-management strategies to maximize their security and prevent system
compromise.
Due to the similarities between API key secret keys and cryptographic secret keys,
you can adopt established best practices for managing cryptographic keys. The Open
Web Application Security Project (OWASP) publishes a Key Management Cheat Sheet. Some
of the descriptions in the Key Management LifeCycle Best Practices can be applied to the secret keys of API keys.
If you are storing secret keys, you can use a key management system to encrypt, store,
and decrypt your secret keys, such as the Amazon Key Management Service (KMS). Similarly, you can use a trusted platform module (TPM).
Consider regularly rotating keys to prevent access in the event that API keys are
compromised. Alternatively, you can create API keys as needed and then delete them
after use, or set a short expiry date.